Deploy WSO2 Identity server with analytics in a GCE Kubernetes cluster using Helm from scratch

Thilina Manamgoda
Google Cloud - Community
5 min read · Jul 8, 2018

In this tutorial I am going to explain how to deploy WSO2 Identity Server with analytics in a Google Kubernetes cluster. The tutorial is divided into two parts:

  • Configuring the infrastructure
  • Deploying the Kubernetes artifacts using Helm

Let’s start with configuring the infrastructure,

  1. Create a GCP Free Tier account if you don’t already have a GCP account.
  2. Go to the Google Cloud Platform dashboard and create a new project named helm-wso2.
  3. Enable Kubernetes compute engine for the project by selecting Kubernetes compute engine from the menu and clicking enable billing. You can find more details here.
  4. Now install gcloud, a command-line tool for managing the Google Cloud Platform. You can find how to install it for each operating system here.
  • Let’s initialize the gcloud command-line tool by executing the following command in the terminal,
gcloud init
  • Accept the option to log in using your Google user account:
To continue, you must log in. Would you like to log in (Y/n)? Y

Log in to your account and grant permission.

  • Next choose the project helm-wso2 from the list.
Which compute zone would you like to use as project default?
[1] [helm-wso2]

Please enter your numeric choice:1
  • Choose us-east1-b as the default region for the project,
Do you want to configure a default Compute Region and Zone? (Y/n)? Y

5. Next, install the kubectl command-line tool for managing Kubernetes clusters

gcloud components install kubectl

Now you have installed the necessary tools to deploy a Kubernetes cluster.

6. Create a Kubernetes cluster by executing the following command,

gcloud container clusters create helm-wso2-kubernetes --machine-type=n1-standard-2 --zone=us-east1-b

7. Execute the following command to configure kubectl for the helm-wso2-kubernetes Kubernetes cluster

gcloud container clusters get-credentials helm-wso2-kubernetes

8. Enable role-based access control for the cluster by binding your user account to the cluster-admin role

kubectl create clusterrolebinding cluster-admin-binding \
--clusterrole cluster-admin --user <EMAIL>

Here replace <EMAIL> with your Gmail address.

9. Deploy Ingress Controller by executing the following command,

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml --username admin --password $(gcloud container clusters describe helm-wso2-kubernetes | grep password | awk '{print $2}') && kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/cloud-generic.yaml

10. Now you have successfully deployed a Kubernetes cluster. You can get the cluster information using the following command

gcloud container clusters describe helm-wso2-kubernetes

11. Next, install Helm by following the instructions described here. Leave out initializing for the moment.

12. After installation is done, let’s move onto initializing Helm,

kubectl create serviceaccount --namespace kube-system tiller && \
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller && \
helm init && \
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
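
Steps 8 and 12 both create ClusterRoleBindings to cluster-admin (one for your user, one for the tiller service account), and Tiller acts with its service account's rights for every request it receives. The following added example, which is not part of the original tutorial, lists every cluster-admin subject and flags any that is outside an allow-list; the function names, the sample listing and the user@example.com address are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Live input would come from
# `kubectl get clusterrolebindings` with this output option:
#   -o custom-columns='NAME:.metadata.name,ROLE:.roleRef.name,KIND:.subjects[*].kind,SUBJECT:.subjects[*].name'

# Constructed sample of that listing after steps 8 and 12 (e-mail is a placeholder).
sample_bindings() {
  cat <<'EOF'
NAME                   ROLE                 KIND             SUBJECT
cluster-admin          cluster-admin        Group            system:masters
cluster-admin-binding  cluster-admin        User             user@example.com
tiller-cluster-rule    cluster-admin        ServiceAccount   tiller
system:node-proxier    system:node-proxier  User             system:kube-proxy
EOF
}

# Print "binding<TAB>Kind/name" for every subject bound to cluster-admin.
# A binding with several subjects shows them comma-separated, so split them.
cluster_admin_subjects() {
  awk 'NR > 1 && $2 == "cluster-admin" {
    n = split($3, kind, ","); split($4, name, ",")
    for (i = 1; i <= n; i++) printf "%s\t%s/%s\n", $1, kind[i], name[i]
  }'
}

# Usage: audit_cluster_admin ALLOWED_KIND/NAME... < listing
# Prints each cluster-admin subject missing from the allow-list and
# returns 1 if there was at least one, 0 otherwise.
audit_cluster_admin() {
  allowed=" $* "
  cluster_admin_subjects | (
    rc=0
    while IFS="$(printf '\t')" read -r binding subject; do
      case "$allowed" in
        *" $subject "*) ;;
        *) printf 'unexpected cluster-admin: %s (via %s)\n' "$subject" "$binding"
           rc=1 ;;
      esac
    done
    exit "$rc"
  )
}

# Demo on the constructed sample: only the built-in group and your own user
# are allowed, so the tiller service account is reported.
sample_bindings | audit_cluster_admin Group/system:masters User/user@example.com || true
```

Run the audit again after the deployment is finished and remove bindings you no longer need with kubectl delete clusterrolebinding.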

In the next few steps we are going to create a Network file system, required to share several directories among the spawned instances.

13. Go to the dashboard listed below and create a Single node file server in the zone us-east1-b with the name singlefs-1-helm-wso2 and default settings.

https://cloud.google.com/launcher/solution/click-to-deploy-images/singlefs

Now let’s log in to the NFS instance to create the required directories.

  • Get the password of the instance
gcloud compute instances \
describe singlefs-1-helm-wso2-vm \
--zone=us-east1-b \
--format='value(metadata.items[0].value)'
  • SSH into the instance,
gcloud compute --project "helm-wso2" ssh --zone "us-east1-b" "singlefs-1-helm-wso2-vm"

Enter the password obtained above when prompted.

  • Mount the volume
sudo mount -t nfs singlefs-1-helm-wso2-vm:/data /mnt
  • Create the following directories
mkdir -p /data/wso2is/deployment /data/wso2is/tenants /data/wso2is/analytics-data-1 /data/wso2is/analytics-data-2
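  • Set the file ownership. The wso2 group is created first so that GID 802 is still free, and the wso2carbon user is then created with UID 802 in that group.
sudo groupadd -g 802 wso2 && \
sudo useradd -u 802 -g 802 wso2carbon && \
sudo chown -R wso2carbon:wso2 /data/wso2is/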

That is it! You have successfully configured the environment. Now let’s move on to the next part.

In the following steps we are going to deploy WSO2 Identity Server with analytics using Helm.

  1. Clone the wso2/kubernetes-is repository
git clone https://github.com/wso2/kubernetes-is.git

2. Go to the directory kubernetes-is/helm/is-with-analytics

cd kubernetes-is/helm/is-with-analytics

3. The is-with-analytics-conf directory contains the configurations. We can use the is-with-analytics-conf/values.yaml file to feed configuration values.

username: "<WSO2 subscription email>"
password: "<WSO2 subscription password>"
email: "<WSO2 subscription email>"
namespace: "wso2"
svcaccount: "wso2svc-account"
serverIp: <NFS Server IP>
sharedDeploymentLocationPath: "/data/wso2is/deployment"
sharedTentsLocationPath: "/data/wso2is/tenants"
analytics1DataLocationPath: "/data/wso2is/analytics-data-1"
analytics2DataLocationPath: "/data/wso2is/analytics-data-2"

Open this file with an editor of your choice.

  • Replace <WSO2 subscription email> and <WSO2 subscription password> with your WSO2 subscription credentials. If you don’t have an active WSO2 subscription, subscribe for the Free Trial subscription.
  • Replace <NFS Server IP> with the private IP address of the NFS server

You can get the private IP of the NFS server using the following command,

gcloud compute instances describe singlefs-1-helm-wso2-vm --zone=us-east1-b --format='value(networkInterfaces[0].networkIP)'

4. Let’s deploy is-with-analytics-conf Helm chart

helm install --name is-with-analytics-conf is-with-analytics-conf

5. Next deploy MySQL database,

helm install --name wso2is-with-analytics-rdbms-service -f mysql/values.yaml stable/mysql --namespace wso2

Verify whether the MySQL server is in the ready state by executing the following command,

kubectl get pods -n wso2 | grep 'wso2is-with-analytics-rdbms-service-mysql' | awk '{print $2}'

Check until 0/1 becomes 1/1 .

6. Deploy is-with-analytics-deployment Helm chart

helm install --name is-with-analytics-deployment  is-with-analytics-deployment/

Check whether the deployment is up and running,

kubectl get pods -n wso2 | awk '{print $2}'

Wait until the Ready status of the servers changes from 0/1 to 1/1.
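
The manual "check until 0/1 becomes 1/1" loops in steps 5 and 6 can be scripted. The following is an added example, not part of the original tutorial: it parses the kubectl get pods listing, treats an empty listing as not ready, and polls with a timeout. The function names, the POLL_INTERVAL variable and the sample pod-name suffix are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial.

# Constructed sample of `kubectl get pods -n wso2` while MySQL is still
# starting; the pod-name suffix is made up.
sample_pods() {
  cat <<'EOF'
NAME                                                         READY   STATUS    RESTARTS   AGE
wso2is-with-analytics-rdbms-service-mysql-0123456789-abcde   0/1     Running   0          40s
EOF
}

# Read `kubectl get pods` output on stdin and print every pod whose name
# starts with PREFIX ($1, may be empty) and whose READY column is not n/n.
# Returns 1 if such a pod exists or if no pod matched at all, so an empty
# listing is never mistaken for "everything is up".
pods_not_ready() {
  awk -v prefix="$1" '
    NR == 1 || $3 == "Completed" { next }   # skip the header and finished jobs
    prefix != "" && index($1, prefix) != 1 { next }
    { seen++; split($2, r, "/")
      if (r[1] != r[2]) { print $1, $2, $3; bad++ } }
    END { exit (bad > 0 || seen == 0) }'
}

# Usage: wait_for_pods NAMESPACE PREFIX TIMEOUT_SECONDS
# Polls until all matching pods are ready; returns 1 when the timeout expires.
wait_for_pods() {
  deadline=$(( $(date +%s) + $3 ))
  until kubectl get pods -n "$1" 2>/dev/null | pods_not_ready "$2" >/dev/null; do
    [ "$(date +%s)" -ge "$deadline" ] && return 1
    sleep "${POLL_INTERVAL:-5}"
  done
}

# Demo on the constructed sample: prints the pod that is still at 0/1.
sample_pods | pods_not_ready wso2is-with-analytics-rdbms-service-mysql || true

# Against the cluster from this tutorial:
#   wait_for_pods wso2 wso2is-with-analytics-rdbms-service-mysql 600   # step 5
#   wait_for_pods wso2 "" 900                                           # step 6
```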

7. Add /etc/hosts entries for the host names

  • Get the host names and IP address
kubectl get ing -n wso2
  • Add the above two host entries to the /etc/hosts file

8. Now you can access the WSO2 Identity Server Management Console at https://wso2is/carbon.
